Deal with abuse, phishing, or spoofing in Outlook.com

A phishing scam is an email that seems legitimate but is an attempt to get your personal information or steal your money. Scammers can also use a technique called spoofing to make it appear as if you've received an email from yourself. Here's how to deal with online abuse and phishing and spoofing scams sent to or coming from Outlook.com accounts.

Choose your version for instructions

The instructions are slightly different depending on whether you're using the new Outlook.com or the classic version. Choose the version you're using to see the instructions that apply to you.

Instructions for the new Outlook.com

Report a phishing or spoofing scam

If you believe you've received a phishing or spoofing scam, you'll first need to mark the email as junk and then mark it as a phishing scam.

Important: When a message is marked as a phishing scam, Outlook.com displays a warning at the top of the page, but any links in the message can still be opened.

Select the message you want to mark as a phishing scam and select Junk on the command bar.

You can also right-click the message and select Mark as junk.

Select the Junk Email folder, and then select Not junk > Phishing to report the sender.

Notes:

When you mark a message as phishing, it only reports the sender. it doesn't block that sender from sending you messages in the future. To block the sender, you need to add the sender to your blocked senders list. For more information, see Block senders or unblock senders in Outlook.com.

Instructions for classic Outlook.com

Report a phishing or spoofing scam

If you believe you've received a phishing or spoofing scam, report the email by selecting the arrow next to Junk and choosing one of the following options.

Important: When a message is marked as a phishing scam, Outlook.com displays a warning at the top of the page, but any links in the message can still be opened.

Junk Use this option for routine unwanted email.

Phishing scam Use this option for an email that is trying to trick you into giving out your personal information such as your password, bank account information, or Social Security number.

Notes:

When you mark a message as phishing, it only reports the sender. it doesn't block that sender from sending you messages in the future. To block the sender, you need to add the sender to your blocked senders list. For more information, see Block senders or unblock senders in Outlook.com.

Five common types of scams

The scam: You get an email that looks like it's from your bank, an e-commerce service like PayPal or eBay, or from your email provider, warning that your account will be suspended or closed unless you “verify” your account by replying with your account info.

What the scammer wants: In the case of bank or e-commerce scams, they want your personal info so they can steal your identity, empty your bank accounts, and run up charges on your credit card. If it’s supposedly from your email provider, the scammer wants your email account user name and password so they can hack your account and use it to send out junk email.

Additional clues that it’s a scam: It demands an urgent reply (for example, “You must verify within twenty-four hours”). This gives you little time to research if it’s legitimate.

Actions you can take: First and foremost, do NOT reply with any personal or account info, matter how dire the warnings sound.

If it's a bank or an e-commerce site, contact the company's customer service department via phone or online to see if the email is legitimate.

If it claims to be from Outlook.com, forward the email to report_spam@outlook.com.

The scam: There’s money sitting in some account that some official-sounding person wants to share with you. All you have to do is send him your personal info or some money.

What the scammer wants: Sometimes they just want you to send them money. Other times they want your personal info so they can steal your identity, empty your bank accounts, and run up charges on your credit card.

Additional clues that it’s a scam:

Any deal that involves an international bank, or where you have to send your info or cash overseas, should be highly suspect.

There’s often an element of larceny. Maybe the money isn’t really yours or theirs, but the rightful owner is dead, or a corrupt official, or some faceless company who will never miss it. Or the money is supposedly yours, but some other party is trying to steal it.

If there’s anything at all suspect about the deal, or if you don't understand why someone you don't know is making you (out of all the people in the world) this offer, you can bet that you’re being conned.

Actions you can take: First and foremost, do NOT reply with any personal or financial info, no matter how tempting the offer sounds.

Go to a hoax-debunking website like snopes.com and search on the email’s subject.

Report the email as a phishing scam (see "Report a phishing scam" above).

The scam: Congratulations! You just won the lottery! Or you were entered in a Microsoft sweepstakes and you’ve won the jackpot!

What the scammer wants: Your personal info so they can steal your identity and empty your bank accounts.

Additional clues that it’s a scam:

You were entered in the lottery or sweepstakes without your knowledge or permission.

They ask for your bank info so they can make a direct deposit.

The purpose of a sweepstakes is so the company can gather personal info via the form you fill out when you enter. They then sell that info or use it to market their products and services to you. No legitimate sweepstake needs you to give them your info—you already did.

Actions you can take: First and foremost, do NOT reply with any personal or financial info, no matter how tempting the offer sounds.

Go to a hoax-debunking website like snopes.com and search on the email’s subject.

Report the email as a phishing scam (see "Report a phishing scam" above).

The scam: A friend of yours is on vacation and got stranded. They need you to wire them some money, fast!

What the scammer wants: For you to send them some money.

Additional clues that it’s a scam: This one can be tougher to spot. Typically, the scammer has hacked your friend’s email account and sent this “emergency” email to your friend’s contact list. The sender email address will be legitimate. The salutation might even be personal (“Dear Joe”) but is the email really from your friend?

Actions you can take: Before you do anything else, stop and do a reality check.

Pick up the phone and call your friend. If you can’t get a hold of them, try contacting mutual friends.

Ask yourself the following questions:

The email probably says they are desperate and don’t know where else to turn, but do the two of you have the sort of relationship where they would turn to you for such a request?

Did they say anything to you earlier about taking a trip?

What’s the likelihood of your friend being in the situation the email claims they are in, or of doing whatever the email claims they have done?

Does it sound like your friend?

Unless you can contact your friend or a reliable mutual friend by some method other than email, you should probably assume it's a scam. Report it as My friend's been hacked (see "Report a phishing scam" above).

The scam: Forward this email and Microsoft will send you $500! Forward this petition to keep Outlook.com a free service! Warn all your friends about this scary computer virus!

What the scammer wants: To watch their hoax go viral and brag to their scammer friends.

Actions you can take:

If it’s about a computer virus or other security threat, go to the website for your antivirus software and look at the latest threat info.

Go to a hoax-debunking website like snopes.com and search on the email’s subject.

Report the email as Junk (see "Report a phishing scam" above).

Recovering your account after it's been hacked

If someone has gotten into your Outlook.com account, or you got a confirmation email for a password change you didn’t authorize, you can recover your account. For more information, see My Outlook.com account has been hacked.

Reporting abuse

If you're being threatened, call your local law enforcement.

To report harassment, impersonation, child exploitation, child pornography, or other illegal activities received via an Outlook.com account, forward the offending email as an attachment to abuse@outlook.com. Include any relevant info, such as the number of times you've received messages from the account and the relationship, if any, between you and the sender.